RE: [Exim] Logcheck configuration files

Author: Dickenson, Steven
Date:  
To: 'exim-users@exim.org'
Subject: RE: [Exim] Logcheck configuration files
Well, logcheck used to be part of the Abacus security project. However, I
believe it was abandoned by its author about 9 months ago. The Debian
package maintainer started doing some work on the code, adding features and
fixing reported bugs. You can grab the source TGZ file from the Debian
project page, as well as the Debian specific diffs, and try to kludge a
generic package together with that.

http://packages.debian.org/stable/admin/logcheck.html

I just used apt-get. Man I love Debian.

Steven
---
Steven Dickenson <sdickenson@???>
Network Administrator
The Key School, Annapolis Maryland

-----Original Message-----
From: Lumpp, Wolfgang [mailto:wol@msc-ge.com]
Sent: Tuesday, February 25, 2003 4:00 AM
To: exim-users@???
Subject: AW: [Exim] Logcheck configuration files


Hi,

where can I download the logcheck/logsentry?
I've tried several links, but all dead :-(

Thanks
Wolfgang

> -----Original Message-----
> From: Marc MERLIN [mailto:marc_news@merlins.org]
> Sent: Friday, February 21, 2003 22:19
> To: Dickenson, Steven
> Cc: 'Exim Users (exim-users@???)'
> Subject: Re: [Exim] Logcheck configuration files
>
>
> On Fri, Feb 21, 2003 at 04:03:22PM -0500, Dickenson, Steven wrote:
> > Does anyone have some sample logcheck files for use with Exim that you'd
> > like to share? I'd particularly like to see those from sites using Marc
> > Merlin's SA-Exim patch. I'm running Debian Woody, and thus am using the
> > version of logcheck that the Debian maintainer has forked.
>
> I have logcheck read mainlog, and those are the patterns I wrote
>
> Marc
>
> ----------------------------------------------------------------------------
> exim .* daemon started:
> Failed to create IPv6 socket
> [0-9] args:
> Start queue run:
> End queue run:
> Address family not supported by protocol
>
> # This makes the regex faster while assuming we only receive 10 mails a sec
> -0[0-9] <=
> -0[0-9] ->.* R=.* T=
> -0[0-9] =>.* R=.* T=
> -0[0-9] Completed
> -0[0-9] .* Connection reset by peer
> -0[0-9] .*: Connection refused
> -0[0-9] .*\[[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\]: No route to host
>
> Connection timed out
> SMTP command timeout on connection from
> SMTP connection from
> SMTP error from remote mailer after initial connection
> SMTP synchronization error
> SMTP command timeout on TLS connection from
> SMTP error from remote mailer after end of data
> SMTP error from remote mailer after RCPT TO
> SMTP error from remote mailer after MAIL FROM
> defer .*: host lookup did not complete
> defer .*: retry time not reached
> defer .*: No route to host
> rewritten as.*by rule
> Sender verify callout did not complete
> Sender verify did not complete
> Sender verify failed
> sender verify fail for
> sender verify defer for
> valid RCPT command must precede DATA
> Could not complete sender callout check
> retry time not reached for any host
> unexpected disconnection while reading SMTP command from
> rejected after DATA
> rejected EHLO from
> rejected HELO from
> # If you want to know about address probes
> #rejected RCPT.*Unrouteable address
>
> 0[0-9] Spool file is locked
>
> SA: Debug enabled
> SA: config read
> SA: check
> SA: score
> SA: fed spam to spamc, reading result
> SA: Message-Id received and cleaned as
> SA: spamc read
> SA: spamc pieced up
> SA: while reading headers
> SA: spamc, while parsing header
> SA: score hits=
> SA: spamc read got newline, end of headers
> SA: Read from X-Spam-Status
> SA: Writing suspected spam/problem message
> SA: Is Spam read from X-Spam-Flag
> SA: Body write chunk starts with
> SA: Processing body chunk
> SA: local_scan temporarily rejected
> SA: local_scan permanently rejected
> SA: local_scan permanently rejected
> SA: Flagged as Spam but accepted:
> SA: SAExim.*Cond expand returned
> SA: savemail condition expand
> SA: Setting timeout of 240 secs
> SA: local_scan stall completed. Sending tempreject
> rejected by local_scan\(\): Heuristics
> temporarily rejected by local_scan\(\): How about you try again later for a little more teergrube?
> ----------------------------------------------------------------------------
>
> --
> "A mouse is a device used to point at the xterm you want to type in" - A.S.R.
> Microsoft is to operating systems & security ....
>                                       .... what McDonalds is to gourmet cooking
> Home page: http://marc.merlins.org/   |   Finger marc_f@??? for PGP key

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##
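
Added example (not part of the original messages and not logcheck's own code): a way to check which log lines a handful of the quoted ignore patterns would still let through, assuming they are applied as unanchored extended regular expressions with an inverted match (grep -E -v -f). The log lines, hosts, addresses and message ids are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Subset of the ignore patterns quoted above, including a comment line and a
# blank line as they appear in the posted file.
ignore_patterns() {
cat <<'EOF'
Start queue run:
End queue run:

# This makes the regex faster while assuming we only receive 10 mails a sec
-0[0-9] <=
-0[0-9] =>.* R=.* T=
-0[0-9] Completed
rejected by local_scan\(\): Heuristics
EOF
}

# Constructed Exim mainlog lines (not taken from a real server).
sample_log() {
cat <<'EOF'
2003-02-21 22:10:01 Start queue run: pid=4242
2003-02-21 22:10:02 18mKx1-0003Zq-00 <= alice@example.org H=mx.example.org [192.0.2.10] P=esmtp S=1832
2003-02-21 22:10:02 18mKx1-0003Zq-00 => bob <bob@example.net> R=localuser T=local_delivery
2003-02-21 22:10:02 18mKx1-0003Zq-00 Completed
2003-02-21 22:10:03 18mKx2-0003Zr-0B <= carol@example.org H=mx.example.org [192.0.2.10] P=esmtp S=2210
2003-02-21 22:10:04 18mKx3-0003Zs-00 H=mx.example.org [192.0.2.10] rejected by local_scan(): Heuristics
2003-02-21 22:10:05 18mKx4-0003Zt-00 H=host.example.com [198.51.100.7] F=<x@example.com> rejected RCPT <y@example.net>: relay not permitted
2003-02-21 22:10:06 End queue run: pid=4242
EOF
}

# Print the sample lines that no ignore pattern matches, i.e. the lines that
# would still be reported. Blank lines and '#' comments are stripped first:
# an empty pattern matches every line and would silence the whole log.
unmatched() {
    rules=$(mktemp) || return 1
    ignore_patterns | grep -v -e '^[[:space:]]*$' -e '^#' > "$rules"
    sample_log | grep -E -v -f "$rules"
    rm -f "$rules"
}

unmatched
```

Two lines remain: the relay rejection, which no pattern covers, and the arrival whose message id ends in -0B, which the -0[0-9] shortcut does not match.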